Privacy Policy

Overview

This Privacy Policy describes how PulseAI ("we", "us", "PulseAI") collects, uses, stores, and protects information when you use our website at pulseaiapp.co and our application (collectively, the "Service"). PulseAI is operated from Toronto, Ontario, Canada.

By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

Information we collect

Account information

When you create a PulseAI account, we collect your name, email address, and authentication identifiers from your sign-in provider (e.g., Google). We do not store passwords directly.

Google Ads data (with your authorization)

When you connect your Google Ads account through Google's OAuth 2.0 flow, you grant PulseAI access to the https://www.googleapis.com/auth/adwords scope. With this access, we read the following data from your authorized accounts:

• Account, manager (MCC), and customer identifiers
• Campaign, ad group, ad, and keyword names and structure
• Performance metrics (impressions, clicks, cost, conversions, conversion values, CTR, CPC, ROAS)
• Targeting and budget settings
• Historical performance data, up to the Google Ads API's standard retention window

We do not modify your campaigns, change bids or budgets, upload conversions, or otherwise make write operations against your Google Ads accounts. Our integration is currently read-only.

Usage data

We collect standard application telemetry: pages visited within PulseAI, features used, approximate location derived from IP, browser and device type, and timestamps. This is used to improve the Service and diagnose issues.

How we use information

We use the information we collect to:

• Provide the Service — generate insights, summaries, alerts, and recommendations for your authorized Google Ads accounts
• Communicate with you about product updates, account issues, and security
• Improve PulseAI through aggregate analytics and feature performance measurement
• Detect, prevent, and respond to fraud, abuse, security, or technical issues
• Comply with legal obligations

How we store and protect information

Data is stored in encrypted form (at rest and in transit) on infrastructure provided by reputable cloud hosting providers located in North America. Access to production data is restricted to authorized PulseAI personnel and is logged and audited.

OAuth refresh tokens are stored encrypted using industry-standard encryption (AES-256 or equivalent). We rotate encryption keys periodically and revoke compromised credentials immediately upon detection.

Data sharing

We do not sell your personal information. We do not share your Google Ads data with third parties except:

• Service providers we rely on to operate PulseAI (cloud hosting, error monitoring, customer support tooling, analytics) under contractual confidentiality and data-processing terms
• Legal requests where we are compelled by law, court order, or governmental authority
• With your consent for any other purpose, communicated to you in advance

Google API Services User Data Policy

PulseAI's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide or improve user-facing features of PulseAI that are visible and prominent in the user interface
• We do not use Google user data for advertising purposes
• We do not allow humans to read Google user data, except (a) with explicit user consent for specific data, (b) for security investigations, (c) for legal compliance, or (d) where data has been aggregated and anonymized for internal operations
• We do not transfer Google user data to third parties except as necessary to provide or improve the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users

Your rights and controls

You can:

• Revoke PulseAI's access to your Google Ads account at any time through your Google Account permissions page. Once revoked, PulseAI will no longer be able to read your Google Ads data.
• Request deletion of your PulseAI account and all associated data by emailing privacy@pulseaiapp.co. We will complete deletion within 30 days, except where retention is required by law.
• Request a copy of the personal data we hold about you, including data derived from your connected Google Ads accounts.
• Correct or update inaccurate information in your account.
• Object to or restrict certain processing of your personal information.

Residents of the European Economic Area, United Kingdom, and California have additional rights under GDPR, UK GDPR, and CCPA respectively. To exercise these rights, contact privacy@pulseaiapp.co.

Data retention

We retain account information for as long as your PulseAI account is active. Google Ads data is retained according to your account's tier — typically a rolling 25 to 37 months of historical data — and is deleted along with your account upon deletion request.

Anonymized and aggregated data (which cannot be used to identify you) may be retained indefinitely for analytics and product improvement.

Cookies and tracking

PulseAI uses cookies and similar technologies to maintain your authenticated session and remember preferences. We do not use third-party advertising trackers.

Children's privacy

PulseAI is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided information to us, contact privacy@pulseaiapp.co and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll notify you by email or through the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

Contact

For privacy questions, data requests, or concerns about how we handle your information:

privacy@pulseaiapp.co